Commit 451a4320 authored by ale's avatar ale
Browse files

Add option to enforce 2FA on a service

parent f9107816
......@@ -161,6 +161,7 @@ type BackendSpec struct {
type ServiceConfig struct {
BackendSpecs []*BackendSpec `yaml:"backends"`
ChallengeResponse bool `yaml:"challenge_response"`
Enforce2FA bool `yaml:"enforce_2fa"`
Ratelimits []string `yaml:"rate_limits"`
......@@ -379,7 +380,7 @@ func (s *Server) authenticateUser(req *auth.Request, serviceConfig *ServiceConfi
// has 2FA enabled or not, and on whether the service itself
// supports challenge-response authentication.
var resp *auth.Response
if user.Has2FA() {
if serviceConfig.Enforce2FA || user.Has2FA() {
if serviceConfig.ChallengeResponse {
resp = s.authenticateUserWith2FA(user, req)
} else {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment